Ensuring A More Secure Future: 3 Challenges Ahead For IT

In August 2012, a group called “Cutting Sword of Justice” claimed responsibility for an attack using the Shamoon virus on 30,000 work stations at the oil giant Saudi Aramco. The virus corrupted files and left machines unusable, shutting down the company’s administration for a week. For CIOs, Shamoon and other recent attacks provide vivid insight into a potential dangerous future for information security.

The knowledge required to create and use such malware is all but certain to spread and grow, providing criminals, industrial spies and rogue states with more powerful weapons. Potential targets will multiply as computers assume greater control over ever more operations in our society, from traffic management to intelligent buildings to robotic surgery. If IT security is full of risks and complications now, the future holds even more challenges.

CIOs are faced with many risks and challenges – from cloud computing and social networks to the proliferation of the mobile devices employees bring to work every day. The lessons learned echo similar themes. Enterprises must develop smart policies and best practices. They must extend a risk-aware culture throughout the work force that includes partners, contractors, and suppliers. These initiatives require strong support from the highest levels of each organization, because their viability itself is at stake.

It’s a world in which the operative word is not great, but greater. There will be greater vulnerability with increasing numbers of intelligent systems creating more potential targets, from autonomous vehicles to smart grids. All of these systems will generate a greater amount of data than we have ever seen before. This means that we will need to develop our security skills at an even greater pace to keep up with the threat.

Here are three challenges driving the future of security:

Challenge #1: There will be more to attack

Over the next 35 years, the world’s population is expected to grow by more than 2 billion – that’s almost another India and China combined. These people, most of them living in cities, will require food, water, energy, transportation as well as other services. To provide them using today’s methods is likely impossible, and certainly unsustainable. The drive for cheaper and more sustainable services will fuel the development of smarter cities. This means that in many cities transport, utilities, healthcare and public safety will be monitored, measured and optimized by advanced information systems, many of them automated. Networks will extend to include billions of sensors and actuators, bringing to life the long promised “Internet of Things.” This trend represents a mammoth growth market for technology companies. However, it requires systems with the highest levels of security from the very initial design stages.

Challenge #2: Securing Big Data

The amount of information that companies and governments manage will continue to grow exponentially as new streams of data capture the activities and behavior of citizens, employees and customers. By 2020, some estimate that we will see a 4,300% increase in data generation. How will we keep all of this highly valuable data secure? How will we ensure that the data maintains integrity across its life cycle?

One option is to build and implement analytic systems to help better detect anomalies and risks. This ranges from patterns of financial transactions to the shifting behavior of individuals. The trick will be to gain vital insights from the coming avalanche of data, and better secure entire information ecosystems, without intruding on privacy.

Challenge #3: The need for more skilled professionals

Security in the coming decade will require a massive influx of brainpower. To confront growing threats, governments and enterprises must educate and recruit a new generation of security experts to build and secure the world’s vital streams of information.

A 2011 report by Frost & Sullivan, the Global Information Security Workforce Study, estimates that jobs for security professionals will expand from 2.3 million to 4.2 million by 2015. However, the greater challenge is to nurture a security elite, with teams prepared to engage at the highest level with the most brilliant virus architects. Jim Gosler, founding director of the CIA’s Clandestine Information Technology Office, warned in a 2010 National Public Radio interview that the talent deficit at the skills stratosphere is severe. He says that only 1,000 world-class luminaries are working to protect global networks, and that 10 to 30 times that number is needed.

There are two things that organizations may do to address this skill gap.

In the short term, some companies might outsource to manage their security environments better. The second, longer term solution, is to make a dedicated effort to advance math and science education.

The future of security cannot be guaranteed by small groups of security savants or purely through the implementation of cutting-edge technologies. For organizations and society to fully address these challenges outlined above, joint effort is required. The message must come from the top to spread to the necessary channels. The only permanent solution to the challenges we face is to create a more risk-aware culture, one in which every single person instinctively understands the risks and accepts the responsibilities that come with living and doing business in a hyper-connected world.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.